Installing Slave KDC

Monica Lau mllau2002 at yahoo.com
Wed Jul 10 01:03:17 EDT 2002


Hi all,
I am trying to port Kerberos to the Lynx OS (real time OS very similar to Linux).  I'm very new to Kerberos, and I'm learning along the way.  Fortunately, I was able to build it on Lynx successfully, and I've attached the steps here in MS Word format if anyone is interested.  (Please let me know, too, if anyone has better solutions :-)
I was able to install the master KDC, and it works!  (Followed the steps in the installation guide.)  Then I tried to install the slave KDC, and this is where I'm currently stuck.  I have some questions below that I'm pretty confused about, and I hope you can offer some hints or suggestions:
1. In order to propagate the master KDC's database to the slave KDC, do I need to first create the database on the slave KDC?  If so, do I follow the same steps as in creating the master KDC database?  Are the krb5.conf files the same on both KDCs?
2. In the krb5.conf file, if it only contains the master KDC initially and then later I decide to set up a slave KDC, do I need to add the slave KDC to the krb5.conf file?  Also, when does the krb5.conf file get read?
3. I'm very confused about the part on extracting host keytabs for the KDCs.  So, if my master KDC is "kerberos," then on that machine, I would do "ktadd host/kerberos".  Then on my slave KDC, "kerberos-1," I would do "ktadd host/kerberos-1".  Are these steps correct?  Do I also have to do "ktadd host/kerberos-1" on the master KDC?
4. When I tried to propagate the master KDC database to the slave KDC, I got this error message:
Error msg1:
# ./kprop -f /usr/local/var/krb5kdc/slave_datatrans kerberos-1
./kprop: Server not found in Kerberos database while getting initial ticket
Error msg2:
 # ./kprop -f /usr/local/var/krb5kdc/slave_datatrans kerberos-1 at REALM_NAME
./kprop: while setting server principal name
I don't know why I'm getting the first error message because host/kerberos-1 is in the database (saw this by typing "getprincs" in kadmin.local).  I tried the second format, and I don't understand the error message.
Thanks very much for your time and help!  I really appreciate it.
Sincerely,
Monica



-------------- next part --------------
A non-text attachment was scrubbed...
Name: build_kerberos.doc
Type: application/msword
Size: 29696 bytes
Desc: build_kerberos.doc
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20020709/d1bf718c/attachment.doc

